Representatives from the European Banking Industry ask for more legal guidance on how data protection laws should be interpreted, specifically in the Anti-Money-Laundering (AML) realm.
European banking industry representatives are asking for assistance and more legal guidance, amid their claims that there seems to be some tensions between the objectives of the GDPR and Anti Money Laundering (AML) procedures. While they admit that the GDPR, which has been in effect from May 2018, is a great regulatory initiative to protect the privacyrights , it may also be protecting the privacy of criminal networks. Representatives from the European Banking Industry ask for more inclusive and pragmatic guidance on the interpretation of the GDPR laws in the AML realm.
Wim Mijs, CEO of the European Banking Federation, while speaking at an event in Brussels on Feb. 19 had this to say: “We have the GDPR in Europe and it is a great regulation that protects the privacy of citizens. But when it leads to the protection of criminal networks, something is wrong. In my view, the GDPR gives the opportunity to do good law enforcement and exchange of information, but it’s lacking,”
The Example of Denmark’s AML Task Force
Denmark’s Money-Laundering Task Force, established in 2018 in light of revelations that their country’s largest financial institution, had been involved in a dirty money scandal, recently underwent a year’s work with experts, lawyers and representatives from the largest banks in Denmark. The task force found that the implementation of EU data privacy regulations could impede the banks’ abilities to efficiently combat money laundering. However, the GDPR allows for the processing of data when “necessary for compliance with a legal obligation.” These include “ know your customer” and other AML-related regulation, as indicated by Emmanuel Plasschaert, a Brussels-based lawyer at Crowell & Moring, specializing in GDPR and AML. He explained in an interview, that despite possible friction between the two sets of regulation, banks do have the flexibility under GDPR, to process data in their AML efforts.
Banks Need Further Guidance.
Whereas European banks filter and flag money laundering activities through their typical AML processes, their representatives seem to feel that this is too difficult when they also have to consider their legal obligations under the GDPR.While there may indeed be a healthy balance, the bank representatives require additional legal support in finding it. Roger Kaiser, senior policy adviser on fiscal and AML at the European Banking Federation, claims that banks process data that is “not strictly required by legal obligations,” In those cases, it is unclear what is permitted under GDPR. Kaiser is calling for “inclusive and pragmatic guidance on how to interpret the GDPR in an AML context.” He believes that should be developed together with the European Banking Authority, which is the agency responsible for ensuring consistent and effective application of the EU’s AML directive.
According to Dr Bostjan Makarovic, Aphaia’s Managing Partner, “all AML measures clearly fall under legitimate interest but a guidance might provide for clearer answers as to the proportionality of such legitimate measures from the individuals rights’ point of view”.